
I’ve just finished committing the first alpha release of ClearCutter to the Alienvault-Garage repository on GoogleCode. It’s a tool born of necessity, for anyone who’s spent a good amount of time on those ‘SIEM pre-processing’ tasks, neck-deep in sed, grep, awk and uniq.

Clearcutter (because it ‘clears a forest of logs’) is my work-in-progress combination tool for all those log pre-analysis tasks we here at Alienvault find ourselves doing repetitively. We figure if it’s useful to us, it will be just as useful to other people out there looking to add new device types into OSSIM and find the log entries they need to build effective correlation rules.

Here’s a short planned feature list:

Find individual log messages in a log file - ever tried to find all the unique message types in a log sample? This will do it for you.
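To show what that first feature involves, here is an added Python example (my illustration, not ClearCutter’s own code): it collapses the variable fields of each line (timestamp, IPs, PIDs, counters) into placeholders, then counts the distinct message templates that remain and keeps one raw sample line per template to write a plugin regex against. The syslog lines and the normalisation rules are constructed for this example; the sshd username rule in particular is a device-specific tweak of the kind you end up adding per log source.

```python
import re
from collections import Counter

# Constructed sample log (not real device output): a handful of syslog lines
# of the kind fed into a pre-processing pass before writing OSSIM plugin regexes.
SAMPLE_LOG = """\
Jan 12 10:01:02 fw01 sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
Jan 12 10:01:07 fw01 sshd[1240]: Failed password for bob from 192.168.1.77 port 40211 ssh2
Jan 12 10:02:15 fw01 sshd[1251]: Accepted password for carol from 10.0.0.9 port 50002 ssh2
Jan 12 10:03:44 fw01 kernel: [12345.678901] iptables DROP IN=eth0 SRC=203.0.113.8 DST=10.0.0.1 PROTO=TCP DPT=23
Jan 12 10:03:45 fw01 kernel: [12346.001122] iptables DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.1 PROTO=TCP DPT=445
Jan 12 10:04:01 fw01 sshd[1260]: Failed password for root from 198.51.100.23 port 39870 ssh2
"""

# (pattern, placeholder) pairs applied in order. Specific rules come before the
# generic number rule so "10.0.0.5" becomes <IP>, not "<N>.<N>.<N>.<N>".
NORMALISERS = [
    (re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} "), "<TS> "),  # syslog timestamp
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),                  # IPv4 address
    (re.compile(r"\[\d+\.\d+\]"), "[<UPTIME>]"),                           # kernel uptime stamp
    (re.compile(r"\[\d+\]"), "[<PID>]"),                                   # syslog process id
    (re.compile(r"\bfor \S+ from\b"), "for <USER> from"),                  # sshd-specific: username
    (re.compile(r"\b\d+\b"), "<N>"),                                       # any remaining integer
]


def normalise(line: str) -> str:
    """Collapse the variable fields of one log line into placeholders."""
    for pattern, placeholder in NORMALISERS:
        line = pattern.sub(placeholder, line)
    return line.strip()


def unique_messages(text: str) -> dict:
    """Map each distinct message template to (count, first raw line seen).

    The raw sample is kept because a plugin regex is written against a real
    line, while the template is what tells you how many message types exist.
    """
    counts = Counter()
    samples = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        template = normalise(raw)
        counts[template] += 1
        samples.setdefault(template, raw)
    return {t: (n, samples[t]) for t, n in counts.most_common()}


if __name__ == "__main__":
    # Six input lines collapse to three message types, two occurrences each.
    for template, (n, sample) in unique_messages(SAMPLE_LOG).items():
        print(f"{n:4d}  {template}")
        print(f"      e.g. {sample}")
```

The accuracy of the result depends entirely on the normaliser list: a field you forget to mask (here, the username) splits one message type into many, and a rule that is too greedy merges types that should stay apart, which is exactly the trade-off that makes this kind of tool worth iterating on against real samples.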

Currently only the first function is implemented, though I’ll be updating this tool rather regularly in-between other things I’m working on, and I’m certainly interested in hearing back from people’s experiences with the accuracy and utility of clearcutter as it progresses. As it stands today, it’s not the fastest tool out there, but Donald Knuth tells me that Early Optimization is the root of all evil, right?